Subject: Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
From: Casey Schaufler
To: Kees Cook, Djalal Harouni
Cc: Linux Kernel Mailing List, Andy Lutomirski, Andrew Morton, kernel-hardening@lists.openwall.com, LSM List, Linux API, Dongsu Park, James Morris, Serge E. Hallyn, Paul Moore, Tetsuo Handa, Greg Kroah-Hartman
Date: Tue, 11 Apr 2017 12:54:04 -0700
Message-ID: <8551d1ff-2c6e-bf9b-5615-fbff089ef252@schaufler-ca.com>
References: <1491734530-25002-1-git-send-email-tixxdz@gmail.com> <1491734530-25002-2-git-send-email-tixxdz@gmail.com> <2698e97b-397e-0fc0-84a1-dc9a4226117a@schaufler-ca.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 4/10/2017 9:43 PM, Kees Cook wrote:
> On Mon, Apr 10, 2017 at 1:00 PM, Djalal Harouni wrote:
>> On Mon, Apr 10, 2017 at 9:26 PM, Casey Schaufler wrote:
>>> I think that would be the prudent approach. There is still
>>> the possibility that blob sharing (or full stacking, if you
>>> prefer) won't be accepted any time soon.
>> Ok Casey! I will wait for more feedback, and if other maintainers do
>> not object, I will convert it back to rhashtables in next iterations,
>> making sure that it should be simple to convert later to a blob
>> sharing mechanism.
> Would it be possible just to add a single field to task_struct if this
> LSM is built in? I feel like rhashtables is a huge overhead when a
> single field is all that's needed.

Special casing the task_struct based on which modules are compiled in
would work, but I'm under the impression that there's a strong desire
to keep to one pointer for security module information in the major
structures. The code for generalizing shared blobs isn't that hard,
and y'all have seen it many times. It would be perfectly safe to convert
the task, cred, inode and such blobs to be infrastructure managed right
now. That wouldn't mean that all the stacking issues (e.g. audit and
networking) would be addressed, or that all combinations of modules
would work (i.e. no SELinux+Smack), but it would clear the way for this
case. And Yama could use a blob if it wanted to.

>
> -Kees
>
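As an added illustration of the "infrastructure managed" blob sharing Casey describes (example code written for this page, not code from the thread or from the kernel): each module registers the per-task state size it needs, the framework makes one allocation behind the single security pointer, and each module addresses only its own slice by offset. All names (task_model, mod_a_task, mod_b_task, lsm_*) are hypothetical and the model runs in userspace.

```c
/* Userspace model of one shared per-task blob: modules register sizes,
 * the framework allocates once, each module gets a fixed offset. */
#include <stddef.h>
#include <stdlib.h>
#define MAX_LSMS 4
struct task_model { void *security; };    /* stands in for task_struct->security */
static size_t task_blob_total;            /* sum of all registered slice sizes */
static size_t task_blob_offset[MAX_LSMS]; /* each module's offset into the blob */
static int nr_lsms;
/* Called once per module at init time; returns the module's slot index. */
static int lsm_register_task_blob(size_t size)
{
    const size_t align = sizeof(void *);
    if (nr_lsms >= MAX_LSMS) return -1;
    task_blob_offset[nr_lsms] = task_blob_total;
    task_blob_total += (size + align - 1) & ~(align - 1); /* keep slices aligned */
    return nr_lsms++;
}
/* The framework, not any one module, allocates and frees the whole blob. */
static int lsm_task_alloc(struct task_model *t)
{
    t->security = calloc(1, task_blob_total);
    return t->security ? 0 : -1;
}
static void lsm_task_free(struct task_model *t) { free(t->security); t->security = NULL; }
/* A module only knows its own offset; it never touches other slices. */
static void *lsm_task_slice(struct task_model *t, int lsm)
{
    return (char *)t->security + task_blob_offset[lsm];
}
/* Two hypothetical modules with different state sizes. */
struct mod_a_task { int flags; };
struct mod_b_task { long counter; int state; };
/* Register both, allocate one task, write through each slice and check that
 * neither module's write clobbers the other's. Returns 1 on success. */
static int demo_two_modules(void)
{
    struct task_model t = { NULL };
    int a = lsm_register_task_blob(sizeof(struct mod_a_task));
    int b = lsm_register_task_blob(sizeof(struct mod_b_task));
    if (a < 0 || b < 0 || lsm_task_alloc(&t) != 0) return 0;
    struct mod_a_task *pa = lsm_task_slice(&t, a);
    struct mod_b_task *pb = lsm_task_slice(&t, b);
    pa->flags = 0x11; pb->counter = -1; pb->state = 7;
    int ok = pa->flags == 0x11 && pb->counter == -1 && pb->state == 7;
    lsm_task_free(&t);
    return ok;
}
```

The contrast with the per-module rhashtable approach discussed above is that no module keeps its own lookup structure keyed by task: the cost is one allocation per task whatever the number of modules, and a single-field module like the one proposed simply registers a small size.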